<?php 
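// Bulk status change for the users ticked in the list and search forms.
// Each submitted row arrives as usr[N][id] plus, when its checkbox was ticked,
// usr[N][action]. $do names the change to apply; it is not assigned in this file.
// NOTE(security): these writes are driven by $_REQUEST, so a GET link triggers
// them as readily as the POST form, and no CSRF token or permission check is
// visible in this file - confirm that the including page enforces both.
if (!empty($_REQUEST['usr']) && is_array($_REQUEST['usr'])) {
   foreach ($_REQUEST['usr'] as $usr) {
      // Skip malformed rows and rows whose checkbox was not ticked.
      if (!is_array($usr) || empty($usr['action']) || !isset($usr['id']) || !is_scalar($usr['id'])) {
         continue;
      }
      // The id is request data: escape it before it goes inside the quoted SQL literal.
      $usrIdSql = mysql_real_escape_string((string) $usr['id']);
      if ($do === 'currentUsr') {
         mysql_query(" UPDATE `users` SET `status`='1' WHERE `id`='".$usrIdSql."' ");
         echo('Users set as current DJs.<br />');
      } else if ($do === 'resignUsr') {
         mysql_query(" UPDATE `users` SET `status`='3' WHERE `id`='".$usrIdSql."' ");
         echo('Users resigned.<br />');
      } else if ($do === 'retireUsr') {
         // Retiring also revokes rights and blanks the login fields.
         mysql_query(" UPDATE `users` SET `rights`='0',`username`='',`password`='',`status`='2' WHERE `id`='".$usrIdSql."' ");
         echo('Users retired.<br />');
      } else if ($do === 'fireUsr') {
         mysql_query(" UPDATE `users` SET `rights`='0',`status`='5',`username`='',`password`='' WHERE `id`='".$usrIdSql."' ");
         echo('Users fired.<br />');
      } else if ($do === 'deleteUsr') {
         // "Delete" is a soft delete: the row stays, marked status 4, with rights,
         // category and login fields cleared.
         $rmSql = " UPDATE `users` SET `rights`='0',`category`='',`username`='',`password`='',`status`='4' WHERE `id`='".$usrIdSql."' ";
         // Run the statement exactly once and report the outcome; the database
         // error text goes to the server log rather than into the page.
         if (mysql_query($rmSql)) {
            echo('Users deleted successfully <br />');
         } else {
            error_log('deleteUsr failed: ' . mysql_error());
            echo('Sorry, that delete did not work. <br />');
         }
      }
   }
}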
?>
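<?php /* Search box: posts back to this page with mode=usrSrch. PHP_SELF can carry request-supplied path info, so it is HTML-escaped before being written into the action attribute. */ ?>
<div name="usrSrch" style="align:center; display: block; text-align: center;"><form name="usrSrch" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)?>" method="post">
<input type="text" style="width: 170px;" name="usrSrchBox" /><input type="submit" value="search" />
<input type="hidden" name="mode" value="usrSrch" />
</form></div><hr />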
<?php 

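// Create a user from the "Add User" form (do=insertUser).
// NOTE(security): `rights`, `status` and `is_staff` are stored as submitted and
// no permission check or CSRF token is visible in this file - confirm that the
// including page restricts who can reach this handler.
if ($do === 'insertUser') {
   // Strict comparison: with != two different numeric-looking strings
   // (for example "0e1" and "0e2") compare as equal.
   if ($_POST['password'] !== $_POST['password_confirm']) {
      echo('<span class="alert">Sorry, try again; Your passwords did not match.</span><br />');
   } elseif (mysql_fetch_row(mysql_query("SELECT * FROM `users` WHERE `username`='".mysql_real_escape_string($_POST['username'])."' "))) {
      echo('<span class="alert">That user name is already taken.  Try another one.</span><br />');
   } else {
      // Stored hash is md5(lowercased username . lowercased password).
      // NOTE(security): MD5 is a fast hash and lowercasing the password shrinks
      // the search space. The format is left unchanged here because whatever
      // verifies logins must change with it. Debug lines previously in this
      // spot labelled this the "old password style" and mkUsrPasswd() the
      // "new" one - confirm which of the two the login code expects.
      $encrypted_password = (md5(strtolower(trim($_POST['username'])) . strtolower(trim($_POST['password']))));

      // Unticked checkboxes are absent from the request; store them as ''.
      $isStaff = isset($_POST['is_staff']) ? $_POST['is_staff'] : '';
      $status = isset($_POST['status']) ? $_POST['status'] : '';

      // Every value is escaped, including the select/checkbox fields: a client
      // can submit any string for them regardless of what the form offers.
      // NOTE(review): die(mysql_error()) prints database error text to the
      // browser - consider logging it and showing a generic message.
      mysql_query("
         INSERT INTO `users` 
         SET 
         `username`='".mysql_real_escape_string(strtolower($_POST['username']))."',
         `password`='".mysql_real_escape_string($encrypted_password)."',
         `name`='".mysql_real_escape_string($_POST['name'])."',
         `nickname`='".mysql_real_escape_string($_POST['nickname'])."',
         `rights`='".mysql_real_escape_string($_POST['rights'])."',
         `hire_date`='".mysql_real_escape_string($_POST['hire_date'])."',
         `comments`='".mysql_real_escape_string($_POST['comments'])."',
         `category`='".mysql_real_escape_string($_POST['category'])."',
         `is_staff`='".mysql_real_escape_string($isStaff)."',
         `status`='".mysql_real_escape_string($status)."',
         `email`='".mysql_real_escape_string($_POST['email'])."',
         `phone`='".mysql_real_escape_string($_POST['phone'])."'  ") or die(mysql_error());

      // The username is echoed back into HTML, so escape it for that context.
      echo ('<h3>The new user "'.htmlspecialchars($_POST['username'], ENT_QUOTES).'" has been added.</h3>');
   }
}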
?>


<?php

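if ($mode === 'usrAdd') {
   // "Add User" form; it posts back to this page with do=insertUser.
   // Values written into the markup (PHP_SELF, category rows, $theme) are
   // HTML-escaped. htmlspecialchars() runs with PHP's default charset here -
   // confirm that matches the page encoding.
   ?><br /><br />
   <form name="usrAdd" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)?>" method="post">
   Full Legal Name: <input type="text" name="name" /><br />
   nickname/goes by: <input type="text" name="nickname" /><br />
   Username: <input type="text" name="username" id="username" autocomplete="off" value="" /> <br />
   Password: <input type="password" name="password" id="password" autocomplete="off" value="" /><br /> 
   Confirm Password: <input type="password" name="password_confirm" autocomplete="off" /> <br />
   E-mail Address: <input type="text" name="email" autocomplete="off" /><br />
   Phone # <input type="text" name="phone" autocomplete="off" /><br />
   Permissions: 
   <select name="rights">
   <option value="0">Banninated</option>
   <option value="1" selected="selected">DJ</option>
   <option value="2">DJ &amp; Reviewer</option>
   <option value="3">3</option>
   <option value="4">4</option>
   <option value="5">5</option>
   <option value="6">6</option>
   <option value="7">7</option>
   <option value="8">8</option>
   <option value="9">9</option>
   </select><br />
   Category: <select name="category">
   <option value="">unknown</option><?php
   // One <option> per category row; the row flagged `default` is preselected.
   $category_result = mysql_query("SELECT `id`,`category`,`default` FROM `category` ORDER BY `category`");
   while ($category_row = mysql_fetch_row($category_result)) {
      ?><option value="<?=htmlspecialchars($category_row[0], ENT_QUOTES)?>"<?php 
      if ($category_row[2]){
         print(' selected="selected"');
      }
      ?>><?=htmlspecialchars($category_row[1], ENT_QUOTES)?></option>
      <?php
   }
   ?></select><br />
   Hire Date: <input type="text" name="hire_date" id="hire_date" value="<?php echo(date('Y-m-d')) ?>" /> <img src="./themes/<?=htmlspecialchars($theme, ENT_QUOTES)?>/img/calendar-16.gif"  id="date_selector" /> (YYYY-MM-DD)<br />
   <input type="checkbox" name="status" value="1" checked="checked" /> This user is a current DJ <br />
   <input type="checkbox" name="is_staff" value="1" /> This user is a current staff member <br />
   
   Comments:<br />
   <textarea name="comments"></textarea><br />
   <input type="hidden" name="do" value="insertUser" />
   <input type="hidden" name="mode" value="usrAdd" />
   
   <input type="submit" value="Add User" /><input type="reset" value="Cancel" />
   </form>
   <script type="text/javascript">
<!-- //this is for the javascript calendar -- a beautiful GPL mini date selector courtesy of the folks at dynarch.com
Calendar.setup(
{
inputField : "hire_date", // ID of the input field
ifFormat : "%Y-%m-%d", // the date format
button : "date_selector" // ID of the button
}
);
//end date selector stuff -->
</script>
   <?php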
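} else if ($mode === 'editUsr') {
   // Save handler for the edit form (do=editUsr); the form itself is rendered
   // further down in this branch.
   // NOTE(security): the handler reads $_REQUEST, so a GET link can trigger the
   // update, and `rights` is written as submitted. No CSRF token or permission
   // check is visible in this file - confirm that the including page enforces both.
   if ($do === 'editUsr') {
      $usrId = $_REQUEST['usrId'];
      // Escaped once and reused in every WHERE clause below.
      $usrIdSql = mysql_real_escape_string($usrId);
      $usr = mysql_fetch_array(mysql_query(" SELECT `username` FROM `users` WHERE `id`='".$usrIdSql."' LIMIT 1 "));
      if ($_REQUEST['username'] !== $usr['username']) {
         $newUsernameSql = mysql_real_escape_string($_REQUEST['username']);
         // Refuse a username that another row already holds. mysql_fetch_row()
         // returns false when nothing matches, so no error suppression is needed.
         if (mysql_fetch_row(mysql_query(" SELECT `id` FROM `users` WHERE (`username`='".$newUsernameSql."') "))) {
            ?><div class="alert">username was not updated because new username already exists!</div>
            <?php 
         } else {
            // mkUsrPasswd() (defined outside this file) takes the username as an
            // input, so a rename requires the current password: it is verified
            // against the old username, then re-hashed with the new one.
            $oldPasswdCheckSql = " SELECT * FROM `users` WHERE (`id`='".$usrIdSql."') AND (`password` = '".mysql_real_escape_string(mkUsrPasswd($usr['username'], $_REQUEST['password']))."') ";
            if (!mysql_fetch_array(mysql_query($oldPasswdCheckSql))) {
               echo('Sorry, the username cannot be changed without the correct user\'s password.<br />');
            } else {
               mysql_query(" UPDATE `users` SET 
                  `username`='".$newUsernameSql."',
                  `password`='".mysql_real_escape_string( mkUsrPasswd($_REQUEST['username'], $_REQUEST['password']) )."'
                  WHERE `id`='".$usrIdSql."' ");
            }
         }
      }
      // Unticked checkboxes are absent from the request; they are stored as ''.
      $statusValue = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';
      $isStaffValue = isset($_REQUEST['is_staff']) ? $_REQUEST['is_staff'] : '';
      // The profile fields are saved even when the username change above was refused.
      $usrUpdateSql = "
         UPDATE `users` SET 
         `name`='".mysql_real_escape_string($_REQUEST['name'])."',
         `nickname`='".mysql_real_escape_string($_REQUEST['nickname'])."',
         `email`='".mysql_real_escape_string($_REQUEST['email'])."',
         `phone`='".mysql_real_escape_string($_REQUEST['phone'])."',
         `rights`='".mysql_real_escape_string($_REQUEST['rights'])."',
         `category`='".mysql_real_escape_string($_REQUEST['category'])."',
         `hire_date`='".mysql_real_escape_string($_REQUEST['hire_date'])."',
         `status`='".mysql_real_escape_string($statusValue)."',
         `is_staff`='".mysql_real_escape_string($isStaffValue)."',
         `comments`='".mysql_real_escape_string($_REQUEST['comments'])."'
         WHERE `id`='".$usrIdSql."' ";
      // NOTE(review): die(mysql_error()) prints database error text to the
      // browser - consider logging it and showing a generic message.
      mysql_query($usrUpdateSql) or die(mysql_error());
      echo('<br />Your changes have been saved.<br />');
   }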
   //
   //
   //
   
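   ?><a href="?mode=usr">&lt;-- back</a><br /><?php 
   
   // Load the record being edited. usrId is request data, so it is escaped for
   // SQL here, and every column is HTML-escaped where it is printed into the
   // form: the stored values were typed in by users and may contain markup.
   // htmlspecialchars() runs with PHP's default charset - confirm that matches
   // the page encoding.
   $usr = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE (`id`='".mysql_real_escape_string($_REQUEST['usrId'])."') LIMIT 1 "));
   
   ?>
   <form name="usrEdit" action="<?=htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)?>" method="post">
   <input type="hidden" name="do" value="editUsr" />
   <input type="hidden" name="mode" value="editUsr" />
   <input type="hidden" name="usrId" value="<?php echo(htmlspecialchars($usr['id'], ENT_QUOTES)) ?>" />  
   Full Legal Name: <input type="text" name="name" value="<?php echo(htmlspecialchars($usr['name'], ENT_QUOTES)) ?>" /><br />
   Nickname/goes by: <input type="text" name="nickname" value="<?php echo(htmlspecialchars($usr['nickname'], ENT_QUOTES)) ?>" /><br />
   Username: <input type="text" name="username" value="<?php echo(htmlspecialchars($usr['username'], ENT_QUOTES)) ?>" onInput="changeUsrnamePasswdPrompt();" /> <div style="display: inline;" id="passwdPrompt"></div><br />
   E-mail Address: <input type="text" name="email"  value="<?php echo(htmlspecialchars($usr['email'], ENT_QUOTES)) ?>"  autocomplete="off" /><br />
   Phone # <input type="text" name="phone" autocomplete="off"  value="<?php echo(htmlspecialchars($usr['phone'], ENT_QUOTES)) ?>"  /><br />
   Permissions: 
   <select name="rights">
   <option value="0" <?php if ($usr['rights'] == 0) echo(' selected="selected" ') ?>>Banninated</option>
   <option value="1" <?php if ($usr['rights'] == 1) echo(' selected="selected" ') ?>>DJ</option>
   <option value="2" <?php if ($usr['rights'] == 2) echo(' selected="selected" ') ?>>DJ &amp; Reviewer</option>
   <option value="3" <?php if ($usr['rights'] == 3) echo(' selected="selected" ') ?>>3</option>
   <option value="4" <?php if ($usr['rights'] == 4) echo(' selected="selected" ') ?>>4</option>
   <option value="5" <?php if ($usr['rights'] == 5) echo(' selected="selected" ') ?>>5</option>
   <option value="6" <?php if ($usr['rights'] == 6) echo(' selected="selected" ') ?>>6</option>
   <option value="7" <?php if ($usr['rights'] == 7) echo(' selected="selected" ') ?>>7</option>
   <option value="8" <?php if ($usr['rights'] == 8) echo(' selected="selected" ') ?>>8</option>
   <option value="9" <?php if ($usr['rights'] == 9) echo(' selected="selected" ') ?>>9</option>
   </select><br />
   Category: <select name="category">
   <option value="">unknown</option><?php
   // Preselect the user's category, or the `default` row when the user has none.
   $catQuery = mysql_query("SELECT `id`,`category`,`default` FROM `category` ORDER BY `category`");
   while ($cat = mysql_fetch_array($catQuery)) {
      ?><option value="<?=htmlspecialchars($cat['id'], ENT_QUOTES)?>"<?php 
      if ($cat['id'] == $usr['category']) {
         echo(' selected="selected" ');
      } else if ($cat['default'] && !$usr['category']){
         print(' selected="selected"');
      }
      ?>><?=htmlspecialchars($cat['category'], ENT_QUOTES)?></option>
      <?php
   }
   ?></select><br />
   Hire Date: <input type="text" name="hire_date" value="<?php echo(htmlspecialchars($usr['hire_date'], ENT_QUOTES)) ?>" /> (YYYY-MM-DD)<br />
   <?php
   // Status 1 is "current DJ" everywhere else in this file (2 is "retired"), so
   // the box is ticked for status 1. The BROKEN marker stays: saving the form
   // with the box unticked still writes an empty status and loses the
   // resigned/retired/fired value.
   ?>
   <input type="checkbox" name="status" value="1" <?php if ($usr['status'] == 1) echo (' checked="checked" ') ?> /> This user is a current DJ {{{}}} BROKEN {{{}}}<br />
   <input type="checkbox" name="is_staff" value="1"  <?php if ($usr['is_staff']) echo (' checked="checked" ') ?>/> This user is a current staff member <br />
   
   Comments:<br />
   <textarea name="comments" style="width: 350px; height: 100px;"><?php echo(htmlspecialchars($usr['comments'], ENT_QUOTES)) ?></textarea><br />
   <br />
   <input type="submit" value="Save Changes" /> <input type="reset" value="Cancel" />
   <br />
   </form>
   <?php    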
//   var_dump($usr);
   
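} else if ($mode === 'usrSrch') {
   ?>
   <div><a href="?mode=usr&usrStatus=1">Current DJs</a>
 | <a href="?mode=usr&usrStatus=3">Non-current DJs</a>
 | <a href="?mode=usr&usrStatus=2">Retired DJs</a>
 | <a href="?mode=usr&usrStatus=5">Fired DJs</a>
 | <a href="?mode=usrAdd">Add User</a></div><br />
<form action="?mode=usr" method="post">
   <?php 
   // Search users by nickname, username or name and list the matches with a
   // checkbox each for the bulk actions below.
   // The search term is request data: it is HTML-escaped where it is echoed
   // and SQL-escaped where it is placed in the LIKE patterns. % and _ in the
   // term still act as LIKE wildcards.
   $usrSrchTerm = (isset($_REQUEST['usrSrchBox']) && is_scalar($_REQUEST['usrSrchBox'])) ? (string) $_REQUEST['usrSrchBox'] : '';
   echo('Search results for "'.htmlspecialchars($usrSrchTerm, ENT_QUOTES).'":<br />');
   $usrSrchTermSql = mysql_real_escape_string($usrSrchTerm);
   // AND binds tighter than OR, so the three LIKE tests are grouped; without
   // the outer parentheses the status filter applies to the `name` match only
   // and deleted users (status 4) still show up.
   $usrSrchSql = " SELECT * FROM `users` WHERE ((`nickname` LIKE '%".$usrSrchTermSql."%') OR (`username` LIKE '%".$usrSrchTermSql."%') OR (`name` LIKE '%".$usrSrchTermSql."%')) AND (`status` != '4') ";
   $usrSrchQuery = mysql_query($usrSrchSql);
   $i=0;
   while ($usr = mysql_fetch_array($usrSrchQuery)) {
      // Stored user fields are escaped for HTML before being printed.
      $idAttr = htmlspecialchars($usr['id'], ENT_QUOTES);
      $idUrl = htmlspecialchars(rawurlencode($usr['id']), ENT_QUOTES);
      echo('<input type="hidden" name="usr['.$i.'][id]" value="'.$idAttr.'" />
      <input type="checkbox" name="usr['.$i.'][action]" value="'.$idAttr.'" /><a href="?mode=editUsr&usrId='.$idUrl.'">'.htmlspecialchars($usr['name'], ENT_QUOTES).'</a> "'.htmlspecialchars($usr['nickname'], ENT_QUOTES).'" ('.htmlspecialchars($usr['username'], ENT_QUOTES).') #: '.htmlspecialchars($usr['phone'], ENT_QUOTES).' email:'.htmlspecialchars($usr['email'], ENT_QUOTES));
      if ($usr['status'] == 5) echo(' <b style="color: red; border: 1px solid black;">***FIRED***</b>');
      echo('<br />');
      $i++;
   }
   
   ?>
<select name="do">
   <option value="">with selected:</option>
   <option value="currentUsr">set as current DJ</option>
   <option value="resignUsr">resign (temporary)</option>
   <option value="retireUsr">retire (permanent)</option>
   <option value="fireUsr">fire</option>
   <option value="deleteUsr">delete</option>
</select><input type="submit" value="Save Changes" />
</form>
   <?php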
   
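} else {
?>
<div><a href="?mode=usr&usrStatus=1">Current DJs</a>
 | <a href="?mode=usr&usrStatus=3">Non-current DJs</a>
 | <a href="?mode=usr&usrStatus=2">Retired DJs</a>
 | <a href="?mode=usr&usrStatus=5">Fired DJs</a>
 | <a href="?mode=usrAdd">Add User</a></div><br />
<form action="?mode=usr" method="post"><?php
// Default view: list the users with the requested status (1 = current DJs when
// none is given), each with a checkbox for the bulk actions below.
// Every status used in this file is a small integer, so the request value is
// cast to int. That keeps it safe inside the SQL literal here and in the
// e-mail list query at the bottom of the page, which reads $usrStatus too.
if (!empty($_REQUEST['usrStatus'])) {
   $usrStatus = (int) $_REQUEST['usrStatus'];
} else {
   $usrStatus = 1;
}
// NOTE(review): die(mysql_error()) prints database error text to the browser -
// consider logging it and showing a generic message.
$usrQuery = mysql_query(" SELECT * FROM `users` WHERE `status`='".$usrStatus."' ") or die(mysql_error());
$i=0;
while ($usr = mysql_fetch_array($usrQuery)) {
   // Stored user fields are escaped for HTML before being printed.
   $idAttr = htmlspecialchars($usr['id'], ENT_QUOTES);
   $idUrl = htmlspecialchars(rawurlencode($usr['id']), ENT_QUOTES);
   echo('<input type="hidden" name="usr['.$i.'][id]" value="'.$idAttr.'" />
   <input type="checkbox" name="usr['.$i.'][action]" value="'.$idAttr.'" /><a href="?mode=editUsr&usrId='.$idUrl.'">'.htmlspecialchars($usr['name'], ENT_QUOTES).'</a> "'.htmlspecialchars($usr['nickname'], ENT_QUOTES).'" ('.htmlspecialchars($usr['username'], ENT_QUOTES).') #: '.htmlspecialchars($usr['phone'], ENT_QUOTES).' email:'.htmlspecialchars($usr['email'], ENT_QUOTES).'<br />');
   $i++;
}
?>
<select name="do">
   <option value="">with selected:</option>
   <option value="currentUsr">set as current DJ</option>
   <option value="resignUsr">resign (temporary)</option>
   <option value="retireUsr">retire (permanent)</option>
   <option value="fireUsr">fire</option>
   <option value="deleteUsr">delete</option>
</select><input type="submit" value="Save Changes" />
</form>
<?php
}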
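?><br /><br /><b>Email list:</b><br /><?php 
// Comma-separated e-mail addresses of the users with the status being listed.
// Within this file $usrStatus is assigned only in the default list branch; in
// the other modes it is unset here unless something outside this file defines
// it. It is escaped in either case so that it cannot break out of the quoted
// SQL literal.
$emailStatusSql = (isset($usrStatus) && is_scalar($usrStatus)) ? mysql_real_escape_string((string) $usrStatus) : '';
$lsUsrEmailQuery = mysql_query("SELECT * FROM `users` WHERE (`status`='".$emailStatusSql."' AND `email`!='') ");
?>
<br /><textarea style="width: 450px; height: 150px;"><?php
while ($usr = mysql_fetch_array($lsUsrEmailQuery)) {
   // Escaped so a stored address cannot close the <textarea> and inject markup;
   // the browser decodes the entities again when the text is copied out.
   echo(htmlspecialchars($usr['email'], ENT_QUOTES) . ', ');
}
?></textarea>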
